DHS releases cybersecurity services RFP

On April 1, the Department of Homeland Security released the request for proposals (RFP) for its security operations center support services cybersecurity acquisition. Proposals are due on May 13, no later than 2:00pm Eastern Time.

The primary objective of this acquisition is to establish a single-award, Indefinite Delivery/Indefinite Quantity (IDIQ) contract for “Security Operations Center (SOC) Support Services” that will enable the Department of Homeland Security (DHS), through DHS Headquarters, including the Office of the Chief Information Officer (OCIO), the Office of the Chief Information Security Officer (CISO), the National Protection and Programs Directorate (NPPD), and the Directorate of Science and Technology (S&T), to accomplish the mission to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise. The Task Orders (TO) issued under the contract will be designed to acquire a broad range of services and solutions, under various contract types, to fulfill the Department’s cybersecurity mission: to prevent, detect, contain, and eradicate cyber threats through monitoring, intrusion detection, and protective security services for DHS information systems, including DHS wide area networks (WAN), Trusted Internet Connections (TIC), Policy Enforcement Points (PEP), security devices, servers, and workstations. Specific in-scope requirements will be identified and defined at the Task Order level.

The Department of Homeland Security (DHS) Security Operations Center (SOC) monitors, detects, analyzes, mitigates, and responds to cyber threats and adversarial activity on the DHS Enterprise. Analysis is conducted in accordance with the DHS Intrusion Defense Chain (IDC) methodology; however, because the DHS Enterprise operates as a federated model, its analytical methodology requires a combination of direct monitoring and response by the DHS SOC and coordinated activity with Component SOCs.

Components that operate their own SOCs have the responsibility to monitor the boundaries not identified by the DHS SOC. All Components are primarily responsible for incident response within their respective Component networks and systems. Aggregated event feeds from a subset of Component security devices are provided to the DHS SOC.

DHS Components have Internet connectivity through DHS-managed Trusted Internet Connection (TIC) gateways and connectivity to the DHS wide area OneNet network through Component-managed Policy Enforcement Point (PEP) security stacks. The DHS SOC retains primary responsibility for monitoring and responding to security events and incidents detected at the TICs and PEPs and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a shared DHS SOC incident tracking system and other means of coordination and communication. The DHS SOC is also responsible for coordinating and forwarding incident reports to United States Computer Emergency Readiness Team (US-CERT) and other external entities on behalf of Component SOCs and the rest of the DHS Enterprise.

Requirements include maintaining all current DHS SOC services and upgrading the DHS SOC from its current transition model to achieve the goals of the DHS SOC. Core required services include network monitoring and security event analysis, email security monitoring and analysis, computer security incident response and management, vulnerability assessment, security engineering, cyber intelligence support, intrusion analysis, and continuity of operations for SOC services.

Full information is available here.

Source: FedBizOpps